smtp auth is still required, the spammer would need to know password also ----- Original Message ----- From: "Noel J. Bergman" <[EMAIL PROTECTED]> To: "James Users List" <[EMAIL PROTECTED]> Sent: Tuesday, October 15, 2002 2:09 PM Subject: RE: transport processor
> JR, > > > i am considering disabling verifyidentity and making > > the folowing changes to the transport processor: > > <!-- this begins my modification to the transport processor --> > <mailet > match="SenderIs=user1@localhost,user2@localhost,user3@localhost,user3@otherh > ost" > class="RemoteDelivery"> > <outgoing> file://var/mail/outgoing/ </outgoing> > <delayTime> 21600000 </delayTime> > <maxRetries> 5 </maxRetries> > </mailet> > > The problem is that anyone can forge the sender information. As soon as a > spammer seems an e-mail coming from your server, they can come right back to > it, forge the user name, and ... voila! ... you are an Open Relay. Do not > pass GO, go directly to DNS RBL jail. > > --- Noel > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
